0.8.1

Highlights

• Qemu arm launcher example by @TeumessianFox in #708
• Windows support for LLVM passes by @abgeana in #710
• Mac OS Autotokens by @tokatoka #723
• Raw API for full-system libafl_qemu by @andreafioraldi in #692

Further Changes

• Prelude module by @andreafioraldi in #709
• Change StdWeightedScheduler API by @tokatoka in #712
• Add HitcountsIterableMapObserver, rename AsMutIter to AsIterMut by @domenukk in #713
• Updated requirements in #714 & #715
• Remove num_cpus dependency by @domenukk in #717
• Deriving Clone for NopMonitor by @z2-2z in #721
• add rustfmt.toml by @syheliel in #722

Fixes

• Update fuzzbench_weighted to EXPLORE, fix linking by @tokatoka in #707
• Fix Autotokens by @tokatoka in #706
• Fix SIGILL handling in libafl_qemu by @andreafioraldi in #711
• Resize MapFeedbackMetadata with observer.initial() by @tokatoka in #718
• Simd Fix by @tokatoka in #729
• fix typo in aarch64.rs by @zuypt in #731

New Contributors

• @zuypt made their first contribution in #731

Full Changelog: 0.8.0...0.8.1

0.8.0

Highlights

• Graphical TUI Monitor based on tui-rs (#480)
• Differential Fuzzing Support: Differential executor, diff feedback, stdio observers (#521)
• Grimoire structured fuzzing support (#487)
• LLVM AutoTokens (#470)
• Much simpler API for feedback states (#627)
• Switched all example fuzzers from Makefiles to cargo-make (#537)
• libafl::Error can generate Backtraces (#617)
• Refactored libafl Python (#632)
• [libafl_frida] Enabled ASan for Apple (#478)
• [libafl_qemu] snapshot fuzzing (#484)
• [libafl_qemu] custom GDB commands for LibAFL (#671)

Further Changes

• Rework ShMem by @domenukk in #472
• libfuzzer-like repro arguments for fuzzbench by @andreafioraldi in #475
• Add AsSlice, AsMutSlice traits, refactor MapObservers to be iterable, and have associated types by @domenukk in #477
• [libafl_qemu] map_fixed and mprotect target memory by @evanrichter in #483
• AnyMap and owned collections of Observers and Stages by @andreafioraldi in #491
• [libafl_qemu] simplify emu::{read,write}_mem by @evanrichter in #496
• Expose more options to python qemu sugar by @epi052 in #492
• [libafl_qemu] GuestAddr type by @evanrichter in #501
• extend python forkserver api by @epi052 in #500
• Add options parser by @epi052 in #493
• Implement backtrace observers for crash dedupe by @yussf in #379
• Builder for CommandExecutor & Tokens Refactoring by @domenukk in #508
• Coverage accounting (BB metric atm) by @andreafioraldi in #507
• Frida Runtime Tuples by @tokatoka in #457
• frida-asan: Throw an exception on a failed new instead of just returning null by @s1341 in #512
• libafl_cc: -fsanitize=fuzzer is an alias to --libafl by @andreafioraldi in #518
• Non weak default sanitizers options functions by @andreafioraldi in #519
• Set map observers initial value to T::default() on creation by @andreafioraldi in #520
• Forkserver builder by @tokatoka in #523
• Autodict forkserver by @tokatoka in #525
• Github workflows frida build on windows by @tokatoka in #536
• Initial support to Python bindings for the libafl crate by @faroukfaiz10 in #429
• Walk the map observer using as_ref_iter() in the map feedback by @andreafioraldi in #535
• libafl_qemu decouple hooks from the executor and QemuForkExecutor by @andreafioraldi in #528
• [libafl_qemu] EasyElf::resolve_symbol return GuestAddr by @evanrichter in #540
• Add signal option to forkserver_simple by @tklengyel in #548
• Closure hooks and on thread create hook by @andreafioraldi in #542
• afl_exec_sec feature to count executions per second in the same way as AFL (sliding window), disabled by default by @andreafioraldi in #555
• Add function call level granularity for coverage accounting by @shouc in #552
• Add probabilistic sampling corpus scheduler by @shouc in #544
• Dump Control Flow Graph in AFLCoverage LLVM Pass by @shouc in #557
• Weighted corpus entry selection by @tokatoka in #570
• Set the number of stacked mutations in MOpt mutator by @tokatoka in #587
• Powerschedule::RAND by @tokatoka in #596
• Use ucontext from bolts::os::unix_signals for armv7 support by @pr0me in #612
• Update clap by @tokatoka in #621
• adding equivalent arm32 syscall for qemu snapshot by @elbiazo in #628
• Cmplog New Pass Manager & LLVM 14 Fixes by @tokatoka in #626
• Added autofix script by @domenukk in #639
• Moved to no_std preamble by @domenukk in #643
• Drop the build_id depedency and move to bolts by @andreafioraldi in #649
• Make OutFile auto-remove refcounted on drop by @domenukk in #654
• Windows-rs Update by @tokatoka in #657
• Moved core_affinity to bolts by @domenukk in #655
• Windows CI for frida by @tokatoka in #658
• C forkserver logic in libafl_targets by @andreafioraldi in #650
• Apple aarch64 fixes by @domenukk in #660
• LIBAFL_DEBUG_OUTPUT in Launcher and OnDiskTOMLMonitor to create fuzzer_stats by @andreafioraldi in #666
• Generating core ids based on the actual count of logical cores by @wizche in #669
• CustomBuf Events to exchange any data between fuzzers by @domenukk in #672
• New hooks for libafl_qemu by @andreafioraldi in #673
• Extend weighted scheduler by @tokatoka in #685
• TUI monitor no longer breaks the terminal if main thread panics by @TeumessianFox in #699

New Contributors

• @sagittarius-a made their first contribution in #488
• @epi052 made their first contribution in #492
• @yussf made their first contribution in #379
• @tklengyel made their first contribution in #548
• @shouc made their first contribution in #552
• @syheliel made their first contribution in #564
• @h1994st made their first contribution in #606
• @WilliamParks made their first contribution in #623
• @aoli-al made their first contribution in #616
• @elbiazo made their first contribution in #628
• @peamaeq made their first contribution in #637
• @wizche made their first contribution in #669
• @z2-2z made their first contribution in #688
• @Scepticz made their first contribution in #675
• @TeumessianFox made their first contribution in #699

Full Changelog: 0.7.1...0.8.0

0.7.1

Highlights

• a new libafl_qemu API for binary-only fuzzing
• heaps of fixes for libafl_frida and better Windows support
• MiMalloc allocator for speed and stability in examples
• Less (!) generics
• Message-passing fixes for aarch64

What's Changed

• Windows timeout fix with critical sections by @tokatoka in #391
• Symcc submodule referencing a path by @domenukk in #411
• Fix timeout type from u32 to i64 in windows TimeoutExecutor by @tokatoka in #414
• Fix forkserver_simple clap issue by @tokatoka in #412
• Fix Clap about() issue by @tokatoka in #417
• Debug output for forkserver by @andreafioraldi in #413
• Reworking example fuzzers to use Structopt instead of yaml, and introduced Cores API by @domenukk in #420
• Fix makefile for frida_libpng by @domenukk in #422
• Various fixes for CI by @domenukk in #423
• Open the stdout-file once by @s1341 in #419
• Use AddVectoredExceptionHandler to register exception handlers by @tokatoka in #403
• Frida Refactor: Separate Frida other helper functions into each Runtime by @tokatoka in #418
• Implement AflMap by @vanhauser-thc in #416
• Frida shadow fix by @tokatoka in #425
• Fix frida-mode for debug builds, ensure it will continue to work on release builds by @s1341 in #427
• Other/User defined WIndows Exceptions by @tokatoka in #402
• Refactor libafl_qemu creating the Emulator struct and post syscall hooks by @andreafioraldi in #430
• Drcov remodelling by @domenukk in #415
• DrCov Runtime by @tokatoka in #432
• Implement max total allocation size for frida asan by @s1341 in #433
• Fix strncmp hook to only check the length of the needle string by @s1341 in #434
• [libafl_qemu] fix build.rs by @evanrichter in #435
• Frida various fixes by @s1341 in #436
• Use MiMalloc for fuzzbench fuzzer by @tokatoka in #439
• Add errors for missing Docs, add Docs by @domenukk in #440
• [libafl_qemu] prevent unneeded build.rs runs by @evanrichter in #441
• Updated dependencies by @domenukk in #443
• Derive debug for all structs in LibAFL by @domenukk in #442
• Cpu atomics for LLMP by @domenukk in #438
• [libafl_qemu] fix i386 Regs values by @evanrichter in #444
• Various fixes related to frida mode by @s1341 in #445
• Fix a typo in TODO.md by @yerke in #450
• Reorder type parameters in the correct order by @tokatoka in #449
• Disable pita 🥙 compiler in debug mode by @domenukk in #454
• Move to clap 3.0 by @domenukk in #447
• Add OwnedSlice::RefRaw to keep track of raw pointers by @domenukk in #448
• Reduce generics for various Has* traits by @evanrichter in #456
• Use UserStats for Stability by @tokatoka in #451
• Optional signal value to kill forked processes on timeout by @v-p-b in #461
• Fix windows build by @tokatoka in #462
• Asan fix by @tokatoka in #460
• Add --libaf-no-link to libafl_cc by @andreafioraldi in #464
• Shadow bit by @tokatoka in #455
• Bump to 0.7.1 by @andreafioraldi in #465
• Add --libafl arg in libafl_cc and enable it for fuzzbench by @andreafioraldi in #466
• Bump libafl_frida to 0.7.1 by @andreafioraldi in #467
• Bump libafl_sugar to 0.7.1 by @andreafioraldi in #468

New Contributors

• @yerke made their first contribution in #450
• @v-p-b made their first contribution in #461

Full Changelog: 0.7.0...0.7.1

0.7.0

What's Changed

• process crash handler, dump registers on macos arm64 by @devnexen in #271
• initial book entry for concolic by @julihoh in #257
• renamed target_os macos to target_vendor apple by @domenukk in #273
• Fix shmem on android by @s1341 in #272
• Symcc runtime docsrs fix by @julihoh in #270
• Build LibAFL Android in CI by @domenukk in #275
• Refactor configurations with EventConfig by @andreafioraldi in #277
• Token level fuzzing by @andreafioraldi in #274
• openbsd port. by @devnexen in #279
• Fix _LLMP_BIND_ADDR for Windows by @tokatoka in #285
• Build id configuration in std by @andreafioraldi in #286
• Use external, custom time function for no_std environments by @bitwave in #281
• ShMem server race-condition fix for #276 by @domenukk in #278
• Add core_id to launcher run_client closure signature by @s1341 in #290
• PowerSchedule::COE fix by @tokatoka in #295
• added write_file_atomic against ondisk corpus races by @domenukk in #294
• armv7 support: add ucontext struct definition by @pr0me in #297
• cbz, tbz, tbnz support for aarch64 cmplog by @domenukk in #298
• Qemu as lib by @andreafioraldi in #301
• WIP: added unfinished no_std docs by @bitwave in #282
• Example how to build baby-fuzzer as push instead of pull, using Klo-routines by @domenukk in #227
• Python basic bindings for sugar and qemu by @andreafioraldi in #302
• Book refactoring and update by @andreafioraldi in #280
• Fixed CI by ignoring python, resolved multiple warnings by @domenukk in #303
• Fix default UBSan options and avoid timeouts in crash handler by @andreafioraldi in #304
• Qemu new syscall hook and more python API by @andreafioraldi in #306
• Still fixing CI by @domenukk in #305
• Frida windows by @tokatoka in #287
• Qemu Helpers and basic snapshotting by @andreafioraldi in #310
• Allowlist and denylist for QEMU edges and cmps by @andreafioraldi in #311
• Qemu partial instr fix by @andreafioraldi in #312
• Qemu generic hooks by @andreafioraldi in #313
• Python generic qemu hook by @andreafioraldi in #314
• dumping process address maps on netbsd too by @devnexen in #316
• fix tutorial fuzzer by @julihoh in #323
• remove libafl_tests by @tokatoka in #324
• concolic optional runtime by @julihoh in #319
• init git submodule for symcc for symcc_runtime crate when publishing by @julihoh in #321
• don't include all of libafl for symcc_runtime by default by @julihoh in #320
• delayed checkout in ci by @domenukk in #326
• add ability to trace location information in concolic tracer by @julihoh in #322
• update packages related to concolic by @julihoh in #325
• 32 bit arm regs by @domenukk in #315
• update deps by @julihoh in #327
• Fix Typo. by @intrigus-lgtm in #330
• Error message in most likely case of using NONASAN and ASAN fuzzers using the same Fuzzer config by @marcinguy in #329
• Gramatron by @andreafioraldi in #332
• fixes for frida mode for win and checks in rust 1.56 by @domenukk in #334
• fix concolic nofloat filter by @julihoh in #333
• add support for aarch64 in libafl_qemu by @abgeana in #335
• Minor doc fixes by @faroukfaiz10 in #339
• Port gramatron preprocessing to Rust by @andreafioraldi in #341
• Atheris example to fuzz Python Code by @domenukk in #300
• Fix warnings for windows by @tokatoka in #344
• Fix #344 by @tokatoka in #345
• Upgrade to Rust 2021 Edition by @jamcleod in #340
• MultiMapObserver and sancov 8bit-counters instrumentation by @andreafioraldi in #343
• Fix double borrow mut in CachedOnDiskCorpus by @andreafioraldi in #347
• Frida Address Sanitizer for x86_64 by @tokatoka in #331
• Refcnt for MapIndexesMetadata by @andreafioraldi in #348
• Fix the number of clients spawned by @tokatoka in #349
• Minor readme improvement in frida_libpng fuzzer. by @expend20 in #350
• Fix Numbering in Docs by @expend20 in #354
• Fix cfgs for frida asan by @tokatoka in #353
• Fork feature flag to disable fork in Launcher by @domenukk in #351
• Bridge grammartec from Nautilus to libafl by @andreafioraldi in #342
• Fix MaxReducer docstring by @eknoes in #357
• remove unused const hashing mode by @domenukk in #358
• Fixed potential unsoundness due to Rc threading for ShMemProvider by @domenukk in #355
• Add minibsod by @s1341 in #362
• Cmplog instrumentation by @OmreeBenari in #363
• Launch every 100ms by @s1341 in #364
• Fix cfg directives for frida-asan by @s1341 in #365
• make dump_registers method public by @domenukk in #367
• frida-asan: Support different names for the libc++ shared object when hooking by @s1341 in #370
• Support suppression of hooked functions by @s1341 in #369
• Mutational Push Stage by @domenukk in #356
• implemented MapMaxPow2Feedback by @domenukk in #371
• Renamed Stats to Monitors by @domenukk in #373
• Fix staterestore by @tokatoka in #375
• Disk sync by @andreafioraldi in #377
• Reachability fuzzer fix by @tokatoka in #346
• Fix api by @tokatoka in #376
• Frida Refactor: Split FridaHelper into each Runtime by @tokatoka in #368
• AddressSanitizer for libafl_qemu by @andreafioraldi in #378
• Clippy fixes for main by @domenukk in #385
• libafl_qemu cpu_target cfg by @andreafioraldi in #383
• Delete "We're a client, let's fuzz :)" from lib by @tokatoka in #384
• Push stage trait by @domenukk in #380
• Frida Refactor: Frida executor by @tokatoka in #374
• Cmplog instrumentation by @OmreeBenari in #382
• InProcessHandlers by @andreafioraldi in #387
• Qemu fixes and syscalls for every supported arch by @andreafioraldi in #386
• Fix by @tokatoka in #388
• More LLVM passes from AFL++ by @andreafioraldi in #394
• dump_registers and write_crash for armv7 by @pr0me in #393
• make map debuggable by @domenukk in #396
• Ignored qemu fuzzer for non-linux by @domenukk in #397
• better forkserver example by @tokatoka in #3...

0.6.0

• libafl_qemu with CmpLog, syscalls hooks and more
• Refactor MOpt
• CachedOnDiskCorpus to have an in-memory cache while saving testcases on disk
• libafl_sugar with builder patterns to create common fuzzers
• Concolic Tracing (libafl_concolic @julihoh GSOC 2021)
• InProcessForkExecutor
• ForkserverExecutor shared mem testcase
• TimeoutExecutor for win32
• AFLFast power schedules (@tokatoka GSOC 2021)
• Fix shared memory on macOS

0.5.0

• LLVM passes support in libafl_cc
• Support to routines arguments in CmpLog
• We don't enforce serde on Observer anymore
• MOpt stage and mutator (@tokatoka GSOC 2021)
• Fix link issue when using the Libfuzzer layer and libafl_cc
• Fix some macOS build issues

0.4.0

• CmpLog instructions instrumentation for SanCov and Frida
• Naive Input-to-state mutator using the CmpLog metadata
• Generalize InProcessExecutor to a generic Input trait
• MultiStats stats display
• TimeoutForkserverExecutor
• Shadow Executor and Stage
• Single threaded restartable EventManager
• Configurations in EventManager
• Remove HasExecHooks
• Decouple broker from LlmpEventManager
• New fuzzers: Generic libfuzzer, Fuzzbench

0.3.0

• Refactor and introduce FeedbackState
• Launcher
• Introspection feature for performance measuring

Version 0.2.0

• baby_fuzzer book chapter
• LLMP TCP multi-machine
• Conditional composition of Feedbacks
• Allow lifetime in Observers
• Reachability example and Feedback

Version 0.1.0

First public release of LibAFL.